> -----Original Message----- > From: Pete Resnick [mailto:[email protected]] > Sent: Thursday, January 19, 2012 3:52 PM > To: Murray S. Kucherawy > Cc: Message Abuse Report Format working group > Subject: Re: [marf] DISCUSS on draft-ietf-marf-redaction-04 > > If the answer is, "because people insist on putting a lock on", then I > think it's reasonable for someone to say, "Hey, the lock you're selling > to these people is either made of cardboard itself, or everyone has a > key, or whatever, and you had either better tell them about that, or > just sell them a real lock." In other words, I don't see any harm in > using HMAC, other than it's as much of a waste of time as doing a > simple hash or ROT13 or nothing at all.
It's my understanding that "people insist" is indeed the answer. It's a checklist item that local policy imposes. The simple string substitution redaction that first appeared made the feedback system work less well because it made correlation impossible, and this is the proposed solution. It's not meant to be bulletproof, just good enough to satisfy both the policy people that wand some kind of redaction and the technical people that have to find a non-destructive way to do it. > So could someone explain why choosing HMAC is any more silly than doing > the hash? It's not more silly. The point is that H is good enough to achieve the above goals. If there's a scale from 0 to N where the goal is achieved at, say, 5, H gets us to 5 while HMAC gets us to 10000. It just seems like overkill, especially since mounting an attack against H is probably more expensive than just log trolling. > Or why there is any objection to doing HMAC (since it isn't > hard to do)? I don't recall any objection beyond the above. > But it is up to the WG. Yup. I'm ready to make whichever change gets consensus. -MSK _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
